from django.shortcuts import render,redirect
from django.contrib.auth.hashers import make_password,check_password
from . import models
import hashlib


# Create your views here.
def index(request):
    return render(request, 'index.html')

def login(request):
    if request.method == 'GET':
        #用户初次进入展示登录表单
        return render(request, 'login.html')
    elif request.method == 'POST':
        context = {
            'message': ''
        }
        # 用户提交表单
        username = request.POST.get('username')
        password = request.POST.get('password')

        # 验证账户名和密码
        user = models.User.objects.filter(name=username).first()
        if user:
            if _hash_password(password) == user.hash_password:
            # if user.password == password:
                context['message'] = '登录成功'
                #服务器设置session和其他用户信息    sessionid（服务器给访问他的浏览器的身份证）是自动生成的
                request.session['is_login'] = True
                request.session['username'] = user.name
                request.session['userid'] = user.id
                return redirect('/index/')      #返回的响应中包含set-cookie（sessionid=’askdjfSEdRF'),浏览器收到请求后会把sessionid存到cookie中
            else:
                context['message'] = '密码不正确'
                return render(request, 'login.html', context=context)
        else:
            context['message'] = '未注册'
            return render(request, 'login.html', context=context)


def register(request):
    if request.method == 'GET':
        #注册表单
        return render(request, 'register.html')
    elif request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')
        email = request.POST.get('email')

        # 后端表单验证 （正则最适合）
        # if not (username.strip() and password.strip() and email.strip()):
        #     return render('/register/', context={'message': '某个字段为空'})
        # if len(username) > 20 or len(password)> 20:
        #     print('用户名或密码长度不能超过20')
        # # 排除特殊字符串 eval() \q &$



        # 写数据库
        user = models.User.objects.filter(email=email).first()
        if user:
            return render(request, 'login.html', context={'message': '用户已注册'})
        # 'insert into login_user(name, password, hash_password, gender, email, register_time) value (%s, %s, %s)'%('',',')

        # 加密密码
        hash_password = _hash_password(password)

        # 写数据库
        try:
            user = models.User(name=username, password=password, hash_password=hash_password, email=email)

            user.save()
            return render(request, 'login.html', context={'message': '注册成功，请继续登录'})
        except Exception as e:
            print('保存失败', e)    # 比起render,最好redirect
            return redirect('/register/')




# def register(request):
#     pass

def logout(request):
    """登出"""


    # 清除session登出
    request.session.flush()     # 清除用户session对应的所有的sessiondata
    # del request.session['user_id']      #清空某个session键值
    return redirect('/index/')

def _hash_password(password):
    """哈希加密用户注册密码 """
    sha = hashlib.sha256()
    sha.update(password.encode(encoding='utf-8'))
    return sha.hexdigest()



# def _hash_password(password, salt='asdf'):
#     """ 哈希加密用户注册密码 加盐版"""
#       salt = ''
#       for i in range(4):
#           salt += chr(random.randint(65, 90))
#     sha = hashlib.sha256()
#     sha.update((password+salt).encode(encoding='utf-8'))
#     return '$asdf$'+sha.hexdigest()

  #查询数据库      'select * from login_user where name=%s and passwor d=%s' %(username,password)
        # user = models.User.objects.filter(name=username,password=password).first()